9 Social Engineering Cases
Marina L. Grace
Director of Business Development | Senior Principal Software Engineer | Author | Volunteer Career Coach | New Life Toastmasters Club Sponsor
Grace Empowerment is a not-for-profit Christian organization started in 2013 in Chelmsford, MA. We host an Alpha group on WhatsApp to provide a chance to explore life and the Christian faith in a friendly, open and informal online environment. The Alpha group host posts the SD Alpha video link and discussion questions to the Alpha group.
We have offered the Facebook Prayer Group Service and the Alpha group on WhatsApp since January 2021. The Facebook personal profiles have gotten 5,000 friends. For the Alpha group on WhatsApp, we have had up to 21 guests from 14 countries: Ghana, Nigeria, Uganda, Kenya, Benin, Pakistan, Bangladesh, India, China, Taiwan, and USA.
While Grace Empowerment has been hosting the Alpha group on WhatsApp, God assigned the Alpha group host to take the Security+ Certificate Exam to study cybersecurity attacks. I asked God: I already have a busy life with a full-time job and part-time volunteering at Grace Empowerment. Why make the extra effort to study for a network security exam? What is the purpose?
When I look back, I praise God for leading my section manager to push me to take the 40 hours of training for the Security+ Certificate (SY0-501) exam. The exam requires me to analyze and recognize all network attacks, including social engineering (phishing, vishing, impersonation, hoaxes, and watering hole attacks). Social engineering uses the following strategies: authority, intimidation, consensus, scarcity, familiarity, trust, and urgency.
“Jesus called his twelve disciples to him and gave them authority to drive out impure spirits and to heal every disease and sickness… “I am sending you out like sheep among wolves. Therefore be as shrewd as snakes and as innocent as doves.”” (Matthew 10:1…16)
Signs of the End of the Age
“3 And as he (Jesus) sat upon the Mount of Olives, the disciples came unto him privately, saying, tell us, when shall these things be? and what shall be the sign of thy coming, and of the end of the world?... 9 Then shall they deliver you up to be afflicted, and shall kill you: and ye shall be hated of all nations for my name's sake.10 And then shall many be offended, and shall betray one another, and shall hate one another…12 And because iniquity shall abound, the love of many shall wax cold…14 And this gospel of the kingdom shall be preached in all the world for a witness unto all nations; and then shall the end come.” (Matthew 24)
Therefore, I would like to document the following 8 social engineering (con game) cases since January 2021:
· Case 1 (Baiting): A rich widow with long-term cancer is dying and she wants to donate to a non-profit organization. If you are interested, please click the website link. This is a spear-phishing case targeting non-profit organizations.
<GEM host> the host replied: “Thank you God for your donation heart, please donate her money to the UNICEF USA for the needed children.” The guest sent her French-origin personal identification card to the host. The host immediately told her that there are a lot of bad people acting as social engineers to get her Personally Identifiable Information (PII). She should not post her ID to the host. It is dangerous for her. Then, she told the host that she supports orphans in Africa. Afterward, she left the Alpha group.
· Case 2 (Familiarity): A divorced military man with a young son wanted the host to help him by sending him $900.00. He was on a mission now. He posted his son’s photos. He wanted to use the money to pay for his vacation so that he could return to see his son in the US. This is a spear-phishing case targeting women with a caring heart. He used several techniques (authority, familiarity, trust and urgency). (Note: this guest used two different identities, including a US Army contractor on a secret mission and a Texas oil company contractor working in Italy, etc. He confused himself several times in his messenger texts. You have to pay attention to how he writes his texts.)
<GEM host> the host invited the guest to join the Alpha group and prayed to God directly, asking our heavenly Father to help him. The host also sent the following Bible verses to the guest:
Warning against Idleness
"In the name of the Lord Jesus Christ, we command you, brothers and sisters, to keep away from every believer who is idle and disruptive and does not live according to the teaching you received from us. For you, know how you ought to follow our example (Apostle Paul). We were not idle when we were with you, nor did we eat anyone’s food without paying for it. On the contrary, we worked night and day, laboring and toiling so that we would not be a burden to any of you. We did this, not because we do not have the right to such help, but in order to offer ourselves as a model for you to imitate. For even when we were with you, we gave you this rule: “The one who is unwilling to work shall not eat.” (2 Thessalonians 6:6-10)
· Case 3 (Urgency): A working father did not have enough money to pay the hospital bill of his son. He posted several photos of his son and the hospital video. He asked the host to send $500.00 to him.
<GEM host> the host replied with a prayer asking God to open doors to help the guest. The host sent the Lord’s Prayer to teach the guest how to pray to God for his need. The host also muted WhatsApp notifications for 1 week.
· Case 4 (Disaster): A villager showed a photo of his orphanage school, which had been damaged by a typhoon. He asked for a donation to fix his school. He posted photos of the broken building and his children to the Alpha group.
<GEM host> the host replied with her prayer asking God to open doors for a donation to him to fix the building. Also, the host asked the guest to use the FREE Alpha video link to teach his children.
· Case 5 (Spear phishing): A young man wanted a donation to purchase a sewing machine so that he could work as a tailor.
<GEM host> the host replied that her young daughter loves sewing. Her daughter worked for two years to save the money to purchase the sewing machine. He should go to work and save money to buy the sewing machine. He remained silent.
· Case 6 (Urgency): A young man has a secondary school education, is unemployed and has no food to eat. He requested that GEM help him.
<GEM host> the host suggested that he serve as a volunteer at the school in his village as a start. May God give him a job opportunity to work. Amen.
· Case 7 (Urgency): A young man asked the host for a donation to pay for messaging data, and asked for money because his father is in the hospital and he has to take care of 12 orphans. He displayed a church photo to show that he is a Christian.
<GEM host> the host suggested that the guest go to his local church and ask for help.
· Case 8 (Familiarity): A young man told the host that his grandpa is the head of an orphanage. He demonstrated that he knows the Bible by telling the host there are 4 bibles in the New Testament. He asked the host to support him in studying at a seminary.
<GEM host> the host suggested that the guest go to his grandpa to ask for a Bible and start reading.
· Case 9 (Urgency): A guest is working at the sea of Italy. He broke the company system and needed to borrow money to repair the system immediately.
<GEM host> the host suggested that the guest ask God to open a door for him. Based on the host's software engineering job experience, this case is invalid.
Indeed, the social engineering cases are scary. However, I believe God protects Grace Empowerment from the social engineering attacks:
“What then shall we say to these things? If God is for us, who can be against us?” (Romans 8:31)
Dear God, please protect your sons and daughters in this end time. Please give us the discernment to distinguish the acts of mischievous persons. Please send your Holy Spirit to punish the social engineers and lead them to repent. We pray in the name of Jesus Christ. Amen.
For details, see the following blogs:
“InfoSEC: The most common social engineering attacks [updated 2020]”
https://resources.infosecinstitute.com/topic/common-social-engineering-attacks/
“Forbes: Beware Of These Top Five Social Engineering Scams”
https://www.forbes.com/sites/forbesbusinesscouncil/2020/10/26/beware-of-these-top-five-social-engineering-scams/?sh=1f72c3975f39